Using CAM
To provide CAM services, you implement the seven steps defined by the NIST Risk Management Framework (RMF), implement controls and assessment objectives, and perform continuous authorization and monitoring.
- RMF step 0 - Prepare the authorization package
In the Prepare step, you set up authorization boundaries, control overlays, and information types, as well as create the actual authorization package.
- RMF step 1 - Categorize the authorization package
In the Categorize step, you define the criticality or sensitivity of your information system according to potential worst-case scenarios. This involves selecting NIST information types for the package and using the information types to define the impact levels for the package.
- RMF step 2 - Select controls for an authorization package
When the impact levels for the package have been approved, it is time to select baseline controls.
- RMF step 3 - Implement controls
After you have selected controls for implementation and performed any of the possible actions on them, you can implement the controls.
- RMF steps 4, 5, and 6 - Assess, authorize, and monitor
After you have implemented controls, you can assess internal and external controls, generate Plans of Action and Milestones (POA&M), and manage change requests and vulnerable items.
- Implementing controls and assessment objectives in CAM
NIST 800-53A assessment objectives are included in the base system with the CAM application. The assessment objectives are mapped to revision 5 control objectives.
- Continuous authorization and monitoring tasks in the CAM Workspace
The CAM Workspace is a centralized hub where you can continuously monitor and manage compliance with the NIST Risk Management Framework to ensure adherence to your security policies and guidelines.